Identity breach laws

According to InfoWorld, after a series of data breaches earlier this year, members of the U.S. Congress raged about the irresponsibility of breached companies and introduced a flurry of bills requiring companies to notify affected customers when data is lost.

Major U.S. companies reported more than 60 data breaches between January and September this year, and although the Congress as well as a number of state legislatures have debated a handful of bills regarding identity data protection, no data breach notification bill has been approved. Most observers express hopes that a data notification bill will be passed in the Congress in 2006. Most of the bills that are discussed now may take a step backward from existing state laws. Besides, some consumer and privacy groups aren’t eager to see federal data breach notification legislation pass — at least not most of the legislation introduced in Congress this year.

Twenty-one states have now passed some form of a data breach notification bill, including a tough New York law that makes no exception for small data breaches or breaches unlikely to result in identity theft, set to go into effect next month. However, some large businesses and trade groups have called for a national, unified law that preempts state laws.

Many of the congressional bills allow breached companies to decide if the breach is likely to lead to identity theft, and thus warrants consumer notification. Federal law concerning identity and privacy protection is likely to be a major incentive for businesses to create more efficient security strategy and work out specific data protection techniques.

This blog is run by the authors of Find Protected, an effective information security solution.

Leave a Reply